Hello all,
First, I hope I'm posting this in the right place. I did a good deal of looking, and here seemed like the best place.
I've done some significant looking through various sources of information, including asking on IRC, though I wasn't able to find any real direct answers to my question.
The best I could find was a link to https://fedoramagazine.org/node-js-6-x-lts-coming-epel-7/ which stated that for EL7, nodejs-0.10 was being just changed to 6.x. This doesn't explicitly say anything about EL6 though, which brings me to the actual question.
Since CVE-2017-11499 covers pretty much every version of NodeJS ( source: https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/ ) I was wondering if the fix was going to be backported, or if the NodeJS-0.10 (and 0.12) line was going to be completely dropped, with removal of the packages from the repo, or something else entirely?
I'm more just hoping to find a more official word on the plans for this. I can look through Koji and see that it's been untouched since October last year, and I can look through mailing list posts for the last 12 months, but I can't really find anything stating the plans for the package.
Cheers,